Re: [PATCH] test-org-macro.el: Add test for CVE-2024-30202 (was: Re: [ANN] Emergency bugfix release: Org mode 9.6.23)

2024-05-06 Thread Ihor Radchenko
Max Nikulin  writes:

> On 25/03/2024 00:16, Ihor Radchenko wrote:
>> 
>> I just released Org mode 9.6.23 that fixes several critical
>> vulnerabilities.
>
> Since a variant of the exploit has been published, it is time to add a test
> that might prevent a code change re-introducing the most severe vulnerability.
> From af8cddb44f5ee01fb1c7c9cf664ddbc83c63ac56 Mon Sep 17 00:00:00 2001
> From: Max Nikulin 
> Date: Mon, 6 May 2024 19:04:17 +0700
> Subject: [PATCH] test-org-macro.el: Add test for CVE-2024-30202

Thanks!
Applied, onto main, after adding another test case with a call to
(org-mode). Just to be sure.
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=51aff8a11

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at .
Support Org development at ,
or support my work at 
[PATCH] test-org-macro.el: Add test for CVE-2024-30202 (was: Re: [ANN] Emergency bugfix release: Org mode 9.6.23)

2024-05-06 Thread Max Nikulin

On 25/03/2024 00:16, Ihor Radchenko wrote:
> 
> I just released Org mode 9.6.23 that fixes several critical
> vulnerabilities.

Since a variant of the exploit has been published, it is time to add a test
that might prevent a code change re-introducing the most severe vulnerability.
From af8cddb44f5ee01fb1c7c9cf664ddbc83c63ac56 Mon Sep 17 00:00:00 2001
From: Max Nikulin 
Date: Mon, 6 May 2024 19:04:17 +0700
Subject: [PATCH] test-org-macro.el: Add test for CVE-2024-30202

* testing/lisp/test-org-macro.el (test-org-macro/initialize-templates):
A new test that no code is evaluated when an Org file is opened
(CVE-2024-30202).

Ihor Radchenko [ANN] Emergency bugfix release: Org mode 9.6.23.
Sun, 24 Mar 2024 17:16:50 +.

---
 testing/lisp/test-org-macro.el | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/testing/lisp/test-org-macro.el b/testing/lisp/test-org-macro.el
index 3339945fa..88a51693c 100644
--- a/testing/lisp/test-org-macro.el
+++ b/testing/lisp/test-org-macro.el
@@ -22,6 +22,16 @@ ;;; Code:
 
 ;;; Macros
 
+(ert-deftest test-org-macro/initialize-templates ()
+  "Test `org-macro-initialize-templates'."
+  ;; No code is executed during loading of Org mode files."
+  (should
+   (org-test-with-temp-text
+   "#+MACRO: title (eval (eval-and-compile (error \"CVE-2024-30202\")))"
+ (progn
+   (org-macro-initialize-templates)
+   t
+
 (ert-deftest test-org/macro-replace-all ()
   "Test `org-macro-replace-all' specifications."
   ;; Standard test.
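Review bot: the final added body line reads `+   t` with no closing parentheses, so as shown the `progn`, `org-test-with-temp-text`, `should` and `ert-deftest` forms are all left open; that line needs to close all four, i.e. `t))))`, or the file will not load. Minor: the comment `;; No code is executed during loading of Org mode files."` ends with a stray double quote, and since it states the property being checked it reads better as part of the docstring of `test-org-macro/initialize-templates`. The test only calls `org-macro-initialize-templates` directly; a second case that enables `(org-mode)` in the temp buffer, as mentioned in the reply applying this patch, would also cover the path taken when an Org file is actually opened.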
-- 
2.39.2